Privacy policies

NOTICE OF PRIVACY

Business Name: Ten Medellin SAS

NIT.: 900360649-8

Address: CALLE 10 A No 34 – 11 Int. 127

Telephone:( 57+4) 4481034

DIEZ MEDELLIN SAS, through this notice, informs the holders of personal data that are in our databases that the personal data processing policies are:

PURPOSE FOR WHICH PERSONAL DATA IS COLLECTED AND PROCESSED: DIEZ MEDELLIN SAS may use personal data to: a) Execute the fulfillment of contracts signed between Diez Medellín SAS with its clients, suppliers and employees. b) Make contact in case of complaints, claims, suggestions or evaluate the quality of the service. c) Send commercial information, advertising or promotion about the products and/or services, in order to promote and/or invite. d) Develop the process of selection, evaluation, job placement, job calls and legal processes. e) Make orders and payments to suppliers and report tax information regarding purchases, in front of their suppliers. F)

Protect visitors and employees in the facilities, through CCTV.

Regarding the data obtained from the CCTV, these will be used for security purposes of the people and elements that are in the common areas in the facilities of DIEZ MEDELLIN SAS and may be used as evidence in any type of internal or external process, if the affected person makes the respective complaint before the competent authority and this is pronounced. The information will be used only for the purposes indicated here, and, therefore, DIEZ MEDELLIN SAS will not proceed to sell, transmit, or disclose it, unless there is express authorization to do so.

If a personal data is provided, said information will be used only for the purposes indicated here, all the information is hosted on our servers coordinated from our offices by the Technological Management area, these are not sold or rented to third parties and are kept private.

DIEZ MEDELLIN SAS may subcontract to third parties to support the development of the operation. When personal information is provided to third parties, DIEZ MEDELLIN SAS warns about the need to protect personal information with appropriate security measures, prohibits the use of information for its own purposes and requests that personal information not be disclosed to others. The collection of data corresponding to minor children and adolescents, and the respective authorization, must always be given through their legal representative, the treatment of these must respond to and respect the best interests of children and adolescents, and their fundamental rights.

1. RIGHTS OF THE PERSONAL DATA HOLDERS

The holders of personal data by themselves or through their representative may exercise the following rights a) Know, rectify and/or update their personal data b) Request proof of the authorization granted, except when expressly excepted as a requirement for Treatment, in accordance with the law. c) Revoke the authorization and/or request the deletion of the data when it is considered that the principles are not respected, in this regard, the revocation and/or deletion will proceed when the Superintendence of Industry and Commerce (SIC) has determined that in the treatment TEN MEDELLIN SAS or the person in charge have engaged in conduct contrary to Law 1581 of 2012 and Decree 1377 of 2013. d) Submit a request to DIEZ MEDELLIN SAS or the person in charge of the treatment regarding the use that has been given to your personal data. and/or file a complaint with the SIC for violations of the provisions of Law 1581 of 2012 e) Free access to your personal data that has been processed. f) Know our treatment policy and its modifications prior to implementation, these will be published on our website, the usual electronic means of contact with our owners.

INFORMATION PROCESSING AND PERSONAL DATA PROTECTION POLICY

DIEZ MEDELLÍN SAS is committed to complying with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, for which it informs its owners of this information processing and personal data protection policy.

Which will be mandatory for DIEZ MEDELLÍN SAS, as data controller, its employees and those third parties who, by provision of DIEZ MEDELLÍN SAS, assume the quality of data processors.

1. PURPOSE: To inform the holders of the scope and purpose of the treatment to which their personal data will be subjected by DIEZ MEDELLIN SAS, and in turn that they have knowledge of their Rights, procedures and mechanisms to perform treatment on their personal information.

2. DEFINITIONS:

For purposes of the execution of this policy and in accordance with the regulations, the following definitions will apply:

Authorization: It is the prior, express and informed consent of the owner to carry out the processing of their personal data.

Privacy Notice: Verbal or written communication generated by the person in charge, addressed to the owner for the treatment of their personal data, through which they are informed about the existence of the information treatment policies that will be applicable, the way to access to them and the purposes of the treatment that is intended to give personal data.

Database: It is the organized set of personal data that are subject to treatment, electronic or not, whatever the modality of its formation, storage, organization and access.

Personal Data: It is information of any kind, linked or that can be associated with one or more specific or determinable natural or legal persons.

Public Data: It is that type of personal data that the regulations and the Constitution have expressly determined as public and, for whose collection and treatment, the authorization of the owner of the information is not necessary. For example, data related to the marital status of people, their profession or trade, their quality as a merchant or public servant. Due to its nature, public data may be contained in public records, public documents, official gazettes and duly executed judicial decisions that are not subject to reservation.

Semi-private Data: It is personal data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general.

Sensitive Data: It is the personal data that affects the privacy of the Holder or whose improper use can generate discrimination, such as those that reveal, racial or ethnic origin, political orientation, religious, moral or philosophical convictions, union membership , social, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Responsible for the Treatment: It is the natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the person responsible for the treatment.

Responsible for Treatment: It is the natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the treatment of personal data.

Owner of Personal Data: It is the natural or legal person to whom the information that rests in a database refers, and who is the subject of the right of habeas data.

Treatment of Personal Data: It is any operation and systematic procedure, electronic or not, that allows the collection, conservation, ordering, storage, modification, relationship, use, circulation, evaluation, blocking, destruction and in general, the processing of Personal Data, as well as its transfer to third parties through communications, consultations, interconnections, assignments, data messages.

3. REQUEST FOR AUTHORIZATION TO THE OWNER OF THE PERSONAL DATA

To obtain or collect personal data of the owners, DIEZ MEDELLIN SAS. will implement automated and written technical means, which allow proof of said authorization to be kept for eventual consultation or evidence if required.

The person in charge at the time of collecting the data will ask the owner of the data for their authorization, indicating the purpose for which the data is requested.

4. PRIVACY NOTICE

In the event that DIEZ MEDELLIN SAS cannot make this information processing policy available to the owner of the personal data, it will publish the privacy notice, the text of which will be kept for later consultation by the owner of the data and/or the Superintendency of Industry and Commerce.

5. PURPOSE FOR WHICH PERSONAL DATA COLLECTION AND TREATMENT ARE CARRIED OUT.

For what purpose is the Information used:

Execute the fulfillment of contracts signed between Diez Medellín SAS with its clients, suppliers and employees.

Make contact in case of complaints, claims, suggestions or evaluate the quality of the service.

Send commercial information, advertising or promotion about products and/or services, in order to promote and/or invite.

Develop the process of selection, evaluation, employment relationship, job calls and legal processes. Generate labor payments, social security, parafiscal contributions. Maintain in our database information regarding contact for emergency cases, academic training and career.

Make orders and payments to suppliers and report tax information regarding purchases, in front of their suppliers.

Protect visitors and employees in the facilities, through a CCTV installed at various points, these will be used for security purposes of people and elements that are in common areas in the facilities of DIEZ MEDELLIN SAS and may be used as support evidence in any type of internal or external process, if the affected person makes the respective complaint before the competent authority and it pronounces itself. The information will be used only for the purposes indicated here, and, therefore, DIEZ MEDELLIN SAS will not proceed to sell, transmit, or disclose it, unless there is express authorization to do so.

Data treatment:

The collection of data for the development of the treatment, will fall on the personal data received and stored by DIEZ MEDELLIN SAS, and will include all the information that is provided in the visit to the website www.diezhotel.com, as well as all that related to the services or reservations made to DIEZ MEDELLIN SAS. All information is hosted on our servers coordinated from our offices by the Technological Management area, these are not sold or rented to third parties and are kept private. Employee access to this information is controlled.  In the case of public data, the information collected will be that corresponding to the name, citizenship card number, profession, nationality, date of birth, email address, personal preferences and interests, work or activity, travel habits, among others. others.

The employees of DIEZ MEDELLIN SAS to enter the facilities and fulfill their work shift, register their fingerprint in a biometric system. This record is made only for this purpose, the employee information collected from various sources, is managed and guarded by the administrative area.

The recordings obtained from the CCTV circuit of the building are controlled and monitored 24 hours a day by the co-owner and protected by means of a video surveillance system for 15 days. The recordings obtained from the CCTV of the Hotel are recorded while the areas are in service work and consultation is only carried out as support in any type of administrative process, for external requests consultation is carried out if the external client requires it through the competent authority, The validity of this information is 3 days.

DIEZ MEDELLIN SAS, may subcontract to third parties to support the development of the operation. When personal information is provided to third parties, DIEZ MEDELLIN SAS warns about the need to protect personal information with appropriate security measures, prohibits the use of information for its own purposes and requests that personal information not be disclosed to others.

DIEZ MEDELLIN SAS will not process data considered sensitive, nor is data collection aimed at collecting information of a sensitive nature.

The collection of data corresponding to minor children and adolescents, and the respective authorization, must always be given through their legal representative, the treatment of these must respond to and respect the best interests of children and adolescents, and their fundamental rights.

The data and, in general, the information that is received when you enter the website www.diezhotel.com with the aim of optimizing and making your experience more efficient, cookies may be used, as well as the information on the internet pages may be obtained and stored. visited, from your IP address, through a recognition and tracking process that allows you to identify your preferences and identify you when you visit pages again, based on your IP address, which is not associated or linked to your name or your personal data. The user has the possibility of configuring his browser so that he is informed of the reception of cookies, being able, if he so wishes, to prevent them from being installed on his hard drive. However, for access to the Diez Hotel website, the installation of cookies will not be mandatory.

6. RIGHTS OF THE PERSONAL DATA HOLDERS

The rights that the owners have regarding the processing of their personal data are:

Know, validate and/or update your personal data. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose treatment is expressly prohibited or has not been authorized.  Request proof of the authorization granted, except when expressly excepted as a requirement for treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.

Submit a request to DIEZ MEDELLIN SAS or to the person in charge of the treatment regarding the use that has been given to your personal data.

Submit to the Superintendence of Industry and Commerce complaints for violations of the Law.

Revoke the authorization and/or request the deletion of the data when it is considered that the principles are not respected by the person in charge of the treatment and that they have engaged in conduct contrary to the Law or when there is no legal or contractual obligation to maintain the personal data. in the database of the person in charge.  Free access to your personal data that has been processed at least once every calendar month, and every time there are substantial changes to the Information Processing Policies that motivate new queries. In case of requests whose periodicity is greater than one per calendar month, DIEZ MEDELLIN SAS, will generate a charge to the owner for the costs of shipping, reproduction and, where appropriate, certification of documents.

Know the modifications of this policy in a prior and efficient manner to the implementation of the new modifications and have easy access to the text of this.

Know the dependency or person authorized by DIEZ MEDELLIN SAS, to whom you can submit complaints, queries, claims and any other request about your personal data. Holders may exercise their legal rights and carry out the procedures established herein, directly or through the persons authorized by the general personal data protection regime, by presenting their citizenship card or original identification document. Minors may exercise their rights through their parents or adults who have parental authority, who must prove it through the relevant documentation.

7. DUTIES OF THE DATA CONTROLLER

DIEZ MEDELLIN SAS, must comply with the following with respect to the treatment of the data of its owners:

Inform the owner clearly and sufficiently about the purpose of the collection and the use given to their personal data and the rights that assist them.

Process the queries and claims made in the terms indicated in this policy, described in number 9 of this document.

Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

Require the data processor at all times to respect the security and privacy conditions of the user's information.

Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

8. RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA AT DIEZ MEDELLIN SAS

DIEZ MEDELLIN SAS has established the General Management area, Quality Analyst and Customer Service as people in charge of the attention to the holders. These areas will be jointly responsible for receiving and dealing with Requests, Complaints and Claims. Specifically, queries and claims regarding personal data will be processed in accordance with the Law.

Some of the particular functions of this area in relation to personal data are:

Receive requests from the holders of personal data, process and respond to those that are based on the Law, such as: requests to update personal data, requests to delete personal data, requests for information on the use and treatment given to your personal data, requests for proof of the authorization granted, when she has proceeded according to the Law.

Respond to the holders of personal data on those requests that do not proceed in accordance with the Law. The contact details of the General Directorate are: Physical address: Calle 10ª No 34 -11 Int. 127, Medellín Antioquia. /Email address: protecciondedatos@diezhotel.com /Telephone: (054) 448-10-34 /Position of contact person: General Manager

9. PROCEDURE TO EXERCISE THE RIGHTS OF HOLDERS OF PERSONAL DATA

9.1. INQUIRIES

DIEZ MEDELLIN SAS will have mechanisms so that the owner or representative of minor owners, formulate QUESTIONS regarding what are the personal data of the owner that rest in the databases of DIEZ MEDELLIN SAS, these mechanisms may be physical as a window procedure , or electronic as mail

electronic. Whatever the means, DIEZ MEDELLIN SAS must keep proof of the query and its response.

Before proceeding, the person responsible for attending the query will verify:

The identity of the owner of the personal data or his representative. For this, you can demand the citizenship card or original identification document of the owner, and the special or general powers of attorney, as the case may be.

If the applicant has the capacity to formulate the query, the person in charge will collect all the information about the owner that is contained in the individual record of that person or that is linked to the identification of the owner within the databases of DIEZ MEDELLIN SAS

The person responsible for attending the query will respond to the applicant as long as they have the right to do so because they are the owner of the personal data or the legal person in charge in the case of minors. This response must be sent within ten (10) business days following the date on which the request was received. This response will be mandatory even in cases where it is considered that the applicant does not have the capacity to carry out the query, in which case the applicant will be informed and given the option to demonstrate interest and capacity by providing additional documentation.

In the event that the request cannot be attended to within ten (10) business days following the consultation, the applicant will be contacted to inform them of the reasons why the status of their request is in process.

The final response to all requests may not take more than fifteen (15) business days from the date the initial request was received.

9.2. CLAIMS

DIEZ MEDELLIN SAS will have mechanisms so that the owner or representatives of minor owners, make CLAIMS regarding personal data processed by DIEZ MEDELLIN SAS that must be corrected, updated or deleted, or the alleged breach of the duties of Law by DIEZ MEDELLIN SAS. These mechanisms may be physical as a window procedure, or electronic as an email, whatever the means, DIEZ MEDELLIN SAS must keep proof of the query and its response.

The CLAIM must be presented by the owner or representative, as follows:

You should go to DIEZ MEDELLIN SAS.

It must contain the name and identification document of the holder.

It must contain a description of the facts that give rise to the claim and the objective pursued (update, correction or deletion, or fulfillment of duties).

You must indicate the address and contact information and identification of the claimant.

It must be accompanied by all the documentation that the claimant wants to assert.

Before proceeding, the person responsible for handling the claim will verify:

If the claim or the additional documentation is incomplete, DIEZ MEDELLIN SAS will require the claimant once within five (5) days after receipt of the claim to correct the faults. If the claimant does not submit the required documentation and information within two (2) months following the date of the initial claim, it will be understood that the claim has been withdrawn.

If for any reason the person receiving the claim within DIEZ MEDELLIN SAS is not competent to resolve it, it will be transferred to the General Management and/or Quality Management area, within two (2) business days following receipt of the claim. claim, and inform the claimant of such referral.

Once the claim is received with the complete documentation, a legend that says "claim in process" and the reason for it, in a term not greater than to two (2) business days. This legend must be kept until the claim is decided.

The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.

10. DATA COLLECTED BEFORE THE ISSUANCE OF DECREE 1377 OF 2013

In accordance with the provisions of numeral 3 of article 10 of Regulatory Decree 1377 of 2013 DIEZ MEDELLIN SAS will proceed to publish a notice on its official website www.diezhotel.com addressed to the holders of personal data for the purpose of publicizing the this information treatment policy and the way to exercise your rights as holders of personal data housed in the databases of DIEZ MEDELLIN SAS.

11. SECURITY

The data collected will always be treated within a framework of confidentiality, so they will not be provided, transferred or delivered to people other than or outside of MEDELLIN SAS. The databases are subject to security protocols that seek to protect personal data against unauthorized access, adulteration, loss, consultation, use or fraudulent access.

12. EFFECTIVE DATE

This Personal Data Policy was created on August 30, 2016 and is effective as of September 20, 2016. The period of validity of the database will be indefinite for as long as is reasonable and necessary in accordance for the purpose of the Treatment set forth in this policy. Any substantial change in these Policies will be promptly communicated to the Holders of the Personal Data, in an efficient manner, before implementing the new policies.